1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP MS Whale Intelligent Application Activex BO

HTTP MS Whale Intelligent Application Activex BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempt to exploit a buffer overflow vulnerability in the Microsoft Intelligent Application Gateway ActiveX control.

Additional Information

Microsoft Intelligent Application Gateway (IAG) 2007 is an application server for Microsoft Windows. It includes a Client Components ActiveX control.

The ActiveX control is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. These issues affect the 'CheckForUpdates()' and 'UpdateComponents()' methods in the control provided by 'WhlMgr.dll'. The ActiveX control is identified by CLSID:

8D9563A9-8D5F-459B-87F2-BA842255CB9A

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

NOTE: IAG was formerly known as Whale Communications Intelligent Application Gateway.

Versions prior to IAG 2007 3.7 SP2 are vulnerable.

Affected

  • Microsoft Intelligent Application Gateway (IAG) 2007 Client Components

Response

The vendor has released updates. Please contact the vendor for details.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube